Educause Security Discussion mailing list archives

Re: IPS


From: Wayne Bullock <wayne () FAU EDU>
Date: Thu, 20 Jul 2006 11:31:44 -0400

I should clarify that the IDSM-2 is an IPS blade that works with MARS.
MARS provides the analysis. The problem with it (in my mind anyway) is
its ceiling on throughput.

The firewall blade for the 6500 provides more throughput, certainly
several Gig.

--Wayne

-----Original Message-----
From: Wayne Bullock [mailto:wayne () FAU EDU] 
Sent: Thursday, July 20, 2006 11:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] IPS

What I remember about the Cisco blade for the 6500 when I looked at it a
while back is that the throughput on it was less than 1G. Maybe 500Mbps?
That was the IDSM-2. It can work directly with MARS though which is
good.  

The earlier IDSM was IDS only.

        --Wayne

-----Original Message-----
From: Scholz, Greg [mailto:gscholz () KEENE EDU] 
Sent: Thursday, July 20, 2006 11:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] IPS

I also thought Cisco made a PIX blade for the 6509? Is that not still
the case? And also an IDS blade?  Never used them, but I would hope that
with what Cisco charges these pieces would nicely integrate.

_________________________
Thank you,
Gregory R. Scholz
Lead Network Engineer
Information Technology Group
Keene State College
(603)358-2070
 
--Lead, follow, or get out of the way. 
(author unknown)
 

-----Original Message-----
From: John Kaftan [mailto:jkaftan () HOTMAIL COM] 
Sent: Thursday, July 20, 2006 10:51 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IPS

Thanks to all who have responded to my IPS question.  Looks like Tipping
Point is the IPS of choice.  It looks like the Tipping Point is an in-line
device.  This works great for an internet connection but I am not sure how I
would use it to secure inter-VLAN traffic.  I am also concerned about
traffic between my VLANs.  Since I have an MSFC on a 6509 to handle my
routing, I do not see where the Tipping Point device would sit.

I am thinking about moving to having a separate FW to handle all of my
routing between VLANs.  That way I could place the IPS in-line between my FW
and the core switch.  Also I would have added security of a firewall at
the core rather than just access lists.

I am wondering if any manufacturers have included IPS in their firewall so I
could use one device to do it all.

Thoughts?

